Adobe plugs critical hole in Download Manager

Discussion in 'other security issues & news' started by ronjor, Feb 23, 2010.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
    Story
     
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The Adobe Bulletin is here
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Thanks Ron and siljaline - I checked and did not find the "NOS" folder or "getPlus(R) Helper" service.
     
  4. siljaline

    siljaline Former Poster

    You are most welcome. If you are using Internet Explorer, check your add-ons as well; they may be lurking there. If found, disable or delete.

     
    Last edited: Feb 24, 2010
  5. G1111

    G1111 Registered Member

    I seldom use IE8. I did check and found a BHO "Adobe PDF Link Helper" v9.3.0.148 12/21/2009. Should this be disabled?
     
  6. siljaline

    siljaline Former Poster

    That is a valid BHO, leave as-is. I will post back more information to this thread later, when I am able to obtain more information.

    Regards,

     
  7. G1111

    G1111 Registered Member

    Okay, thanks siljaline.
     
  8. siljaline

    siljaline Former Poster

    The findings regarding the vulnerabilities in Adobe's download manager have been unfortunately inconclusive.

    For those that wish to view the Download Manager FAQ, it is here.

    We in the security community are extremely disappointed in Adobe's overall performance as a software vendor and will continue to have this narrow view as long as Adobe remains the top Hacker target :ouch:

     
    Last edited: Feb 27, 2010
  9. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    FWIW, I have removed 99% of Adobe from my W7 64 bit notebook.

    I use Foxit Reader V3.2.1.0401 (free) to read PDF files now; seems fine so far.

    The 1% of Adobe I haven't got yet deals with Identity H and V in Adobe/Reader9.0/resource folder.

    Has anybody got any clues on how to wipe these out?

    It is a permissions issue from what I can tell.
     
  10. siljaline

    siljaline Former Poster

    Some, out of privacy concerns, are moving to Sumatra PDF Viewer, Escalader, though I have not tested it myself.
     
  11. Escalader

    Escalader Registered Member

    TY.

    Do you mean privacy vis-à-vis Adobe or Foxit reader? :doubt:

    My FW rules prevent Foxit from using the www.
     
  12. siljaline

    siljaline Former Poster

    You're welcome. :thumb: Privacy from the point of view of Adobe patches which were recently fixed, out-of-band !

    Foxit from a bloatware point of view, I have read numerous complaints since Foxit is the main replacement for Adobe Reader, etc, now. It has swelled somewhat. Otherwise I could not comment.

     
    Last edited: Apr 21, 2010
  13. Escalader

    Escalader Registered Member

    Well, the Foxit web site has many add-ons they offer for a price. Maybe those cause bloat; I don't have them so I don't know either.

    The free reader I just put in uses 29,000 k peak. So in my case with 8MB RAM it has very little impact.
     
  14. siljaline

    siljaline Former Poster

    Thanks for sharing as I was not aware and quite likely others were not, as well.
    Regards,

     
  15. Escalader

    Escalader Registered Member

    Further to the Adobe removal matter, I have NOT been successful in:

    1) Finding an un-installer from the Adobe site for Adobe reader (9.x)

    2) Two files remain IDENTITY-H and IDENTITY-V.

    I have added them to my FW executable block list so OP thinks they can execute! That is interesting in itself!

    As well, for good measure I've anti-leaked them to maximum. (no injectables, no hooking, no keylogging etc)

    Any clues on how to rid these pests?


    PS here is the path

    C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\RESOURCE\CMAP
     
    Last edited: Apr 24, 2010
  16. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @Escalader

    First remove the blocks etc you've put in place, then use the windows search for Adobe and delete everything you feel is correct. Then use a reg cleaner and do the same.

    I've used those methods dozens of times over the years, with great success, hope you do too.
     
  17. Escalader

    Escalader Registered Member

    Hi Clone:

    Did all those steps BUT these 2 files are locked/protected.

    I set Cleaner up to delete these BUT it failed. So did jv16.

    My temporary Blocks are preventing them from executing only, not from being deleted.

    Thanks for replying. :D
     
  18. CloneRanger

    CloneRanger Registered Member

    @Escalader

    Ok, just that you didn't say :D

    Try changing permissions on them and see if they unlock to delete. Also maybe try in safe mode.
     
  19. Escalader

    Escalader Registered Member

    Sorry, just hoping for an easier solution. Permission won't change. These 2 nasties are owned by SYSTEM. When I try to alter the permissions I am not allowed. To change to full control is greyed out. Fun eh! I am in Windows 7.


    UPDATE: VIA SPECIAL PERMISSIONS AND MOVING OWNERSHIP OF THESE FILES TO ME AS ADMIN I FINALLY DELETED THEM!

    NOW I'M GOING FOR THE ADOBE FOLDER, DON'T RECOMMEND THIS TO ANYBODY UNLESS YOU HAVE AN IMAGE BACKUP! (I HAVE)
     
    Last edited: Apr 24, 2010
  20. CloneRanger

    CloneRanger Registered Member

    @Escalader

    Just seen your edit !

    Presumed you were already in Admin mode to attempt this ;) If you still haven't managed to delete them, then I guess it's time for Unlocker :D


    Unlocker

    http://ccollomb.free.fr/unlocker

    Used it many times and it's never failed for me, or lots of others. You might need to reboot afterwards.

    Don't install the EBAY shortcut option, unless you want to :D
     
  21. Escalader

    Escalader Registered Member

    Thanks for the tip !

    I'll get the Unlocker in case I ever need it in the future.
     
  22. CloneRanger

    CloneRanger Registered Member

    @Escalader

    Pleasure, it's a goody to have around.

    So does this mean that you are totally Adobe free now ?
     
  23. Escalader

    Escalader Registered Member

    Yes!

    I reran jv16 and zapped all the 250 Adobe entries in the register.

    Adobe is without doubt one of the most $%%#@@! pieces of intrusive software users have on their setups.
    If you pass your mouse over it, it tries to phone home!

    Adobe is, in my view, not only hazardous, it is a "bully".

    Locking those 2 IDENTITY files is an example of their mind set.
     
  24. CloneRanger

    CloneRanger Registered Member

    @Escalader

    Good news :thumb: but not about Adobe, and ALL those 250 entries still in the register, etc etc :thumbd:

    Never use Adobe myself, glad I don't :D
     